General

  • Target

    boostup_boost_tool_cracked.zip

  • Size

    42.9MB

  • Sample

    240620-j9tmmsxfqe

  • MD5

    605eb616bbbd6465561234da0723758b

  • SHA1

    bf432dc454e82daa2bc407473236975b80a2e52a

  • SHA256

    a87cd76b25f1927111bb0d8c81585861dc614dbb84612351b2d909aa5dd97f63

  • SHA512

    2f2192033550156b90b1fb74126cc80d55a260b77a251638c2c28be124dd65a51d948a5525ac0dec4df9f2d837ecb90e77442e18582b417d9291a073b559c8b0

  • SSDEEP

    786432:Bierp1Uc4zhbVh+m6uyD018CMy5DN5EwDfeEZi8y5KbsM4/WLvDdSmRRByfp6C2U:BiQUcshnouyD28oDEwDLZiysjWLZFDBg

Malware Config

Targets

    • Target

      boostup_boost_tool_cracked.zip

    • Size

      42.9MB

    • MD5

      605eb616bbbd6465561234da0723758b

    • SHA1

      bf432dc454e82daa2bc407473236975b80a2e52a

    • SHA256

      a87cd76b25f1927111bb0d8c81585861dc614dbb84612351b2d909aa5dd97f63

    • SHA512

      2f2192033550156b90b1fb74126cc80d55a260b77a251638c2c28be124dd65a51d948a5525ac0dec4df9f2d837ecb90e77442e18582b417d9291a073b559c8b0

    • SSDEEP

      786432:Bierp1Uc4zhbVh+m6uyD018CMy5DN5EwDfeEZi8y5KbsM4/WLvDdSmRRByfp6C2U:BiQUcshnouyD28oDEwDLZiysjWLZFDBg

    Score
    1/10
    • Target

      boostup_boost_tool_cracked/config.yml

    • Size

      1KB

    • MD5

      a40c78db95f8ccae6d8b7fe740a88d87

    • SHA1

      1c40521dedb51063e7d94b66f329dc0cadfaa474

    • SHA256

      ef22b26998f0a38a528cfd13351026665e4466011da3b847257fc756ceae79f4

    • SHA512

      43cfb412e3cf52647301fa7f1bbcb715c4024e5c2941a8a412451ed72222f11b62b7f04e550f225f83bcd8ea5fe187156c595d2bf2a07aea83235c54688d51d7

    Score
    3/10
    • Target

      boostup_boost_tool_cracked/crack.dll

    • Size

      5.0MB

    • MD5

      48c30bd400f1f2510ff23eddad02d899

    • SHA1

      5eaef032b6f61c1c72a4fb5da1d926ec548c26d6

    • SHA256

      f887832e7e618a733a81cfd6c8d21099f37a226178ca4b53cddf6d62638bf740

    • SHA512

      fbb9dc2df463428b6f4f89ed0291d8e3563670f8bb1f597052abc56a7b0ce70e97ea322c15da7ab6664ae5d4af6c5f56fe2fe7d9730f2832a5ec5667f10141b7

    • SSDEEP

      98304:z2opYCYhWA5/l/CpgckBHpcIBxWjw+rqeiixL/+wefdmjLdGGf:zh655xPHpc8xBVYF/+2

    Score
    9/10
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

    • Target

      boostup_boost_tool_cracked/loader.exe

    • Size

      15.7MB

    • MD5

      e91ec77475d05260c942e6efde6a8d9a

    • SHA1

      d64e17d927269fa6504151dc716a5284312bf2b8

    • SHA256

      a5449049022450ee54e4ef25e216f81adfc6e65f8b88b92f097145c29e092424

    • SHA512

      50ffb259d564ed43958cce305a0a2e3b88563024440a28617bdc2a7d325e949b1cd5edd028d833f35db030050a0c77a2d3d066483e9b77639954549fc78cf817

    • SSDEEP

      393216:fYS0xa+FHFq5D95hRykUSx6/FlZOshouIkPftRL54YRJ:fYS0TFlqxhRykUSxA30wouTtRLz

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks whether UAC is enabled

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      l�����.pyc

    • Size

      1KB

    • MD5

      49a46017a044055c5c59b40386f44de9

    • SHA1

      10799324e222b9dc2b67299f99ecf1140b54fac7

    • SHA256

      0ae0f14bca0908f49d3aabc0217cc6f3a602a00999aebb9155f906f34d282698

    • SHA512

      14d0f760f2488c6f7cbc45dd8b470d196657afd8b95b73cfae72f4da344139cfda7db3690d8414efde119195609855b97f2d578aa47cbfa4ae184137c9fbe394

    Score
    1/10
    • Target

      boostup_boost_tool_cracked/main.exe

    • Size

      23.7MB

    • MD5

      b0ca3bcda1a2313d0903c5dcc7f75a18

    • SHA1

      14bb5e524b33ea9f1a78ec409ad7f65dc31ab9a2

    • SHA256

      1db745ceb709e87ca5bd10c65f53ade4bf07832cf37adc11d8b85b993fd1665d

    • SHA512

      26af4dca463409f4a029ba41ac84a6856b91f625d901bb296274ce747c7bb82a22ce9c170bd2a0f8ab4d32d2952e712c7f09753fe1a25d1cce95f2e59774acc2

    • SSDEEP

      393216:GrTkVIf0xOIZdjfFqLkNuJSHUtMkrEylHan+abmAT3gYTti16f9+gYlr2Iki99Br:GfkqfSOMDYLkUS0t5rPlH7W9ti16+gY8

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks